Vendor
high
advisory
LORIS SQL Injection Vulnerability (CVE-2026-33350)
2 rules 1 TTP 1 CVEA SQL injection vulnerability exists in LORIS versions prior to 27.0.3 and 28.0.1, allowing attackers to access or alter data via the MRI feedback popup window in the imaging browser.
LORIS
sql-injection
cve-2026-33350
web-application
2r
1t
1c
high
advisory
LORIS Reflected Cross-Site Scripting Vulnerability (CVE-2026-35169)
2 rules 1 TTP 1 CVEA reflected cross-site scripting vulnerability (CVE-2026-35169) exists in the LORIS help_editor module due to insufficient sanitization of user-supplied variables, potentially leading to arbitrary markdown file downloads or script execution if a user clicks a crafted link.
LORIS
xss
cve-2026-35169
2r
1t
1c